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RECEIVED 
CENTRAL FAX CENTER 

AMENDMENTS TO THE CLAIMS J(JN 2 1 2007 

1 . (Currently Amended) A method, comprising: 

generating a first level trusted computing base (TCB) having a plurality of 
hardware components including a trusted platform module (TPM); 
forming an extended TCB by adding a second level TCB to the first level TCB, 
wherein the second level TCB is software-based 

transferring properties associated with the first level TCB to the second level TCB^ 

adding one or more levels of software-based TCB to the extended TCB: 

»- 

transferring the properties associated with the first level TCB to the one or more 

levels of software-based TCB via one or more levels of TCB interfaces : 
storing measured values depending on a level of abstraction ofthe one or more 

levels of software TCB; and 
using the one or more levels of software TCB independent of hardware-bused or 

software-based implementation of a level of software TCB below the one 

or more levels of software TCB . 

2. (Original) The method of claim 1 , wherein the transferring ofthe properties is 
performed using a first level TCB interface having at least one ofthe following 
operations: secure storage, initiation of software integrity measurement, and 
attestation. 

3. (Original) The method of claim 1, wherein the properties associated with the first 
level TCB comprise trust and security properties including at least one ofthe 
following: tamper-resistant secure storage, tamper-resistant software measurement, 
tamper-resistant attestation of previously measured values via tamper-resistant 

. signature algorithms, and private keys. 

4. (Cancelled) 
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5. (Original) The method of claim 4, wherein a level of software-based TCB of the 
one or more levels of software-based TCB of a first system intact with a 
counterpart level of software TCB of a second system independent of other levels 
of the one or more levels of software-based TCB of the first system. 

6. (Cancelled) 

7. (Original) The method of claim 1 , wherein the second level TCB is executed 
independent of the first level TCB using a processor and main memory of a 
system. 

8. (Original) The method of claim 1> wherein the second level TCB and the one or 
more levels of software-based TCB use encryption keys for attestation and secure 
storage, the encryption keys are encrypted using protected encryption keys in a 
TCB level below the second level TCB and the one or more levels of software- 
based TCB, certified via a signature of the private attestation key of the TCB level 
below the second level TCB and the one or more levels of software-based TCB, 
and stored in the TCB level below the second level TCB and the one or more 
levels of software-based TCB and terminating at the first level TCB being a root 
of trust for the extended TCB. 

9. (Original) A method, comprising: 

generating a first level trusted computing base (TCB) having a plurality of 
hardware components including a trusted platform module (TPM); 

forming an extended TCB by adding a second level TCB to the first level TCB, 

wherein the second level TCB is software-based; 
adding a first virtual software TPM to the second level TCB; and 

transferring properties associated with a hardware TPM of the first level TCB to 

the first virtual software TPM, 
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10. (Original) The method of claim 9, further comprises generating a first virtual 
container corresponding to the first virtual software TPM, the first virtual 
container comprises trusted services including at least one of the following: 
network services, file system services, and provisioning services. 

1 1 . (Original) The method of claim 9, further comprises: 

adding one or more virtual software TPMs to the extended TCB, the one or more 
virtual software TPMs having the properties associated with the hardware 
TPM of the first level TCB; and 
generating one or more virtual containers corresponding to the one or more virtual 
software TPMs, the one or more virtual containers comprise trusted applications 
including at least one of the following: login, biometric pattern matching, and 
protected signal processing, 

12. (Original) The method of claim 10, wherein the first virtual software TPM 
comprises security assurance properties assigned to the first virtual containers to 
separate the first virtual containers from control of the hardware TPM. 

13. (Original) The method of claim 10, wherein the first virtual software TPM 
comprises tamper-resistajace properties derived from an address space isolation 
features and integrity measurement capabilities exposed by the first level TCB. 

14. (Original) The method of claim 9, further comprises transferring the properties 
associated with the hardware TPM of the first level TCB to the one or more 
virtual software TPMs, wherein the properties including the security assurance 
properties and the tamper-resistance properties. 

15. (Original) The method of claim 9, wherein the first level TCB comprises a root of 
trust for the extended TCB including the first level TCB, the second level TCB, 

the first virtual software TPM, the one or more virtual software TPMs, the first 
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virtual container, and the one or more virtual containers. 
. 16. (Original) The method of claim 15, further comprising: 

deleting data associated with the first virtual software TPM and the one or more 
virtual software TPMs of a first system to a counterpart virtual software 
TPM of a second system; and 
seamlessly migrating the data associated with the first virtual software TPM and 
the one or more virtual software TPMs of a first system to a counterpart 
virtual software TPM of a second system. 
Claims 17-23 (Cancelled) 

24. (Currently Amended) A machine-readable medium having stored thereon data 
r e presenting s e ts of comprising instructions, the sotfr o£instractions which, when 
executed by a machine, cause the machine to: 

generate a first level trusted computing base (TCB) having a plurality of hardware 
components including a trusted platform module (TPM); 

form an extended TCB by adding a second level TCB to the first level TCB, 

wherein the second level TCB is software-base d, wherein the second level 
TCB and the one or mote levels of so ftware-based TCB use encryption 
kevs for attestation and secure storage, the encryption keys arc encrypted 
using protected encryption kevs in a TCB level below the second level 
TCB and the one or more levels of software-based TCB. certified via a 
signature of the private attestation key of the TCB level below the second 
level TCB and the one or more levels of software-based TCB, and sto red 
in the TCB level below the second level TCB and the one or more levels 
of software-based TCB and terminatinti at the first level TCB being a ro ot 
of trust for the extended TCB : and 
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transfer properties associated with the first level TCB to the second level TCB. 

25. (Original) The machine-readable medium of claim 24, wherein the properties 
associated with the first level TCB comprise trust and security properties including 
at least one of the following: tamper-resistant secure storage, tamper-resistant 
software measurement, tamper-resistant attestation of previously measured values 
via tamper-resistant signature algorithms, and private keys. 

26. (Currently Amended) The machine-readable medium of claim 24, wherein the sets 

instructions which, w hen further executed by iho ma ch ine, further -cause the 
machine to: 

add one or more levels of software-based TCB to the extended TCB; and 
transfer the properties associated with the first level TCB to the one or more 

levels of software-based TCB via one or more levels of TCB interfaces. 

27. (Cancelled) 

28. (Original) A machine-readable medium having stored thereon data representing 
sequences of instructions, the sequencing of instructions which, when executed by 
a machine, cause the machine to: 

generate a first level trusted computing base (TCB) having a plurality of hardware 
components including a trusted platform module (TPM); 

form an extended TCB by adding a second level TCB to the first level TCB, 

wherein the second level TCB is software-based; 
add a first virtual software TPM to the second level TCB; and 

transfer properties associated with a hardware TPM of the first level TCB to the 
first virtual software TPM. 

29. (Original) The machine-readable medium of claim 28, wherein the sequences of 

instructions which, when executed by the machine, further cause the machine to 
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generate a first virtual container corresponding to the first virtual software TPM, 
the first virtual container comprises trusted services including at least one of the 
following: network services, file system services, and provisioning services, 
30. (Currently Amended) The machine-readable medium of claims? 24, wherein the 
sequences of instructions which, when executed by the machine, further cause the 
machine to: 

add one or more virtual software TPMs to the extended TCB, the one or more 

virtual software TPMs having the properties associated with the hardware 
TPM of the first level TCB; and 

generate one or more virtual containers corresponding to the one or more virtual 
software TPMs, the one or more virtual containers comprise trusted 
applications including at least one of the following: login, biometric 
pattern matching, and protected signal processing. 
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